Re: security tools with email notification

From: dewt (dewt@kc.rr.com)
Date: 12/01/01


From: dewt <dewt@kc.rr.com>
To: John Christopher <john_christopher1997@yahoo.com>, security-basics@securityfocus.com
Date: Fri, 30 Nov 2001 17:17:38 -0600

On Thursday 29 November 2001 12:31 pm, John Christopher wrote:
> Hi -
>
> Many security tools (logcheck, for example)
> provide a facility for sending warnings, etc.
> to an email address.
>
> 1. Can anyone see any security problems with
> sending such info to a yahoo.com email address
> (in other words, how secure is yahoo mail)?
yes, you can expose usernames, and under some things even passwords in
plaintext sent over the internet should anyone compromise yahoo's mail system
or get your password, however encrypting it should offfer you plenty of
protection
> 2. Is it possible for an attacker to intercept
> email messages sent from a host he has targeted?
yes, but it would generally involve compromising systems somewhere between
that host and the yahoo mail servers for an outside attacker. it would be
relatively simple for someone inside to do it in most cases though
> 3. Should such emails be encrypted before being
> sent?
definitely
> Thanks -
> JC